PREPARE YOUR COMPANY FOR NIS-2
What is NIS-2 and why is it important for your company?
NIS-2 is an EU directive aimed at raising cybersecurity standards and enhancing the resilience of organizations against cyber threats. It introduces uniform cybersecurity requirements across the EU, obliging businesses to implement appropriate protective policies.
In Poland, the NIS-2 directive will be implemented through an amendment to the Act on the National Cybersecurity System. Work is already underway, and while the deadline for the adoption of the regulations is not yet known, organizations will have only six months to comply with the new requirements after it comes into force.
This means that it is advisable to start preparations now.
WHICH COMPANIES WILL BE COVERED BY NIS-2
Who does NIS-2 apply to?
The scope of entities covered by the NIS-2 directive is unprecedentedly broad. It includes sectors such as energy, transport, banking, public administration, manufacturing, machinery, electronics, digital services, and courier services.
Moreover, it also applies to sectors not traditionally associated with cybersecurity, such as food production, chemicals, and healthcare – and this is still not a complete list!
The directive specifies a list of essential and important entities subject to the new regulations. Regardless of their size and revenue, small and micro enterprises can also be covered by NIS-2 and recognised as essential if their activities relate to certain sectors.
It is estimated that the directive will directly affect around 30,000 enterprises in Poland.
Essential entities
Criteria:
- above 250 employees, and/or
- annual turnover exceeding EUR 50 million and/or
- annual balance sheet total exceeding EUR 43 million
Economic sectors:
Energy:
-
- Electricity
- District heating or cooling systems
- Oil
- Gas
- Hydrogen
- Transport (air, rail, maritime, road)
- Banking
- Financial market infrastructure
- Healthcare
- Drinking water supply and distribution
- Wastewater
- Digital infrastructure
- ICT service management (inter-enterprise)
- Public administration
- Space
Important entities
Criteria:
- more than 50 employees, and/or
- annual turnover exceeding EUR 10 million or
- annual balance sheet total exceeding EUR 10 million
Economic sectors:
- Postal and courier services
- Waste management
- Production, manufacturing, and distribution of chemicals
- Production, processing, and distribution of food
- Production:
- medical devices
- computers
- electronic and optical products
- electrical equipment and machinery
- motor vehicles, trailers and semitrailers, and automotive parts
- ships, aircraft, and boats
- Digital services
- Scientific research
TASKS FOR THE COMPANY
What obligations do entrepreneurs have?
Entities covered by the NIS-2 directive will be required to take various actions to ensure protection against cyber threats, including:
- Systematic risk assessment
- Risk management
- Prevention, detection, and response to incidents
- Implementation of technical and organisational measures
- Monitoring vulnerabilities to cyber threats
- Ensuring supply chain security
TASKS FOR ENTERPRISES
Why is it worth getting interested?
Even if your company is not directly subject to the new regulations, they may still impact it indirectly through the requirements imposed by supply chain partners.
Every company covered by the directive must ensure the security of its partners, which means that either your company will have to pass the requirements onto its suppliers, or additional requirements may be imposed on your enterprise.
RISKS FOR ENTERPRISES
Consequences for enterprises
Non-compliance with the new regulations can lead to serious consequences:
High financial penalties:
- at least 10 million EUR or 2% of annual turnover (for essential entities)
- at least 7 million EUR or 1.4% of annual turnover (for important entities)
- kara indywidualna do 600% wynagrodzenia dla osoby zarządzającej obszarem cyberbezpieczeństwa
- liability of management, including disqualification from holding managerial positions
- suspension of licenses or permits
In addition to direct financial penalties, non-compliance can also harm the company’s reputation, leading to a loss of trust among customers and business partners. In today’s globalised world, where data security is a priority, failure to adhere to regulations can have long-term negative consequences for any organisation.
OUR SERVICES
How can we help?
As NGL Group, we offer comprehensive, integrated support in adapting your company to the NIS-2 requirements, combining legal expertise with in-depth knowledge of organisational security aspects and the technological competencies of our experts and trusted partners.
Everything under one roof – we handle the entire process, from documentation analysis to implementing changes and providing practical operational support, allowing our clients to focus on business growth without worrying about compliance with regulations.
Audit and recommendations for change
We conduct a detailed legal, organisational, and technological audit to assess your company’s current compliance status with the new regulations. We will identify areas needing improvement and develop a plan for implementing the necessary changes.
Implementation of recommendations
We will help prepare the necessary changes to the documentation, oversee the implementation of technical requirements, and organise training for the team.
Ongoing support and compliance with NIS-2
We will provide ongoing support in maintaining compliance with the NIS-2 implementation law and new requirements resulting from emerging threats. We also offer incident reporting assistance to minimise the impact on your organisation.
We guarantee full implementation compliance once the law is published in Poland
We know that work is underway on the implementation of the NIS-2 Directive into Polish law, so as part of our services, we ensure that if there are any differences arising from the Polish regulations after the publication of the law, our team will make the correction and make the final changes free of charge.
However, it is worth starting preparations now.
Contact us
Make an appointment with our expert and find out how we can help your company meet NIS-2 requirements.
Digital sector
Engineering sector
GO TO BIO